Amazon Scenario Questions

1.      You work for a automotive company which is migrating their production environment in to AWS. The company has 4 separate segments, Dev, Test, UAT & Production. They require each segment to be logically isolated from each other. What VPC configuration should you recommend?

-          Create a separate VPC for each segment.  Then create VPN tunnels from your HQ to each VPC so that the appropriate teams can each speak to their dedicated VPC

2.      You are solutions architect working for a busy ecommerce store. Due to your organisations unique security requirements, you decide to utilize EC2 running a MySQL database, rather than using RDS. You need to architect this EC2 instance to maximise your disk IO. Which of the following would give you the best disk performance?

-          Add 2 x additional Provisioned IOPS (PIOPS) SSD volumes and create a RAID 0 and install MySQL on this RAID 0.

3.       You are designing an AWS solution for a new customer and they want to use their active directory credentials in order to sign in to the AWS management console. What kind of authentication response is required in order for users to authenticate with the AWS security token service (STS).

-          Use SAML (Security Assertion Markup Language) response

4.      You are designing a new application for a financial company that will utilize spot EC2 instances as and when they meet a certain price point. These EC2 instances will analyse data and the output their analysis to the root volume. You need to store this data in a persistent form of storage so that if the spot instances are terminated by Amazon, you will not use your data. You need to choose the lowest cost service. Where should you store your data?

-          S3

5.      You are designing a web application for a new social media start up and have recommended using DynamoDB for the database due to its superior performance. You need to ensure that your database has redundancy. What additional steps should you do?

-          Nothing. In dynamoDB all data is automatically replicated across multiple availability zones

6.      You are designing an application for a furniture retailer. A component of the application takes pictures of the furniture for sale and generates thumb nail images which then need to be stored persistently. The business can tolerate it if some images are lost as they can be regenerated. The thumbnails will need to be retrieved immediately when the application requests them. What is the cheapest option to do this?

-          Use S3 RRS

7.      You are designing an image sharing website that will distribute images across the world. You need maximise performance so that your end users can download frequently accessed images as fast as possible. What AWS technology should you implement?

-          Cloudfront

8.      You are an AWS architect and you require encryption at rest for additional volumes attached to your EC2 instance. What is the quickest and most efficient way to achieve this?

-          Configure encryption when creating the EBS volume

9.      You are putting together a wordpress site for a local charity and you are using a combination of Route53, Elastic Load Balancers, EC2 & RDS. You launch your EC2 instance, download wordpress and setup the configuration files connection string so that it can communicate to RDS. When you browse to your URL however, nothing happens. Which of the following could NOT be the cause of this

-          You have locked port 22 down to your specific IP address.so the users cannot access your site using HTTP / HTTPS.

10.  You have created a custom VPC with 3 subnets, 2 private, 1 public. You deploy 3 EC2 instances in to your public subnet and attach Elastic IP addresses to these instances. You then deploy an EC2 instance in to your private subnet and then attempt to apply security patches to this instance, however it has no internet connectivity. What can you do to give this instance internet access?

-          Deploy a NAT to the public subnet and then update the main route table to send traffic via the NAT to the private subnet

11.  Under the shared responsibility model for DynamoDB which of the following is NOT a responsibility of Amazon.

-          Restricting access of DynamoDB so that only the customers web application EC2 can write data to it.

12.  You are a Solutions Architect working for a major European oil company. You are designing a new web application which will need to access data stored in DynamoDB. You need to do this as securely as possible, without storing any credentials on a long term basis. How would you achieve this?

-          Use AWS identity and Access management roles for the EC2 instances that need to make the API calls.

13.  You are a solutions architect working for a large cell phone company in the US. Your CSO has engaged a third party security company to conduct a security audit of your company to make sure it is not liable to hacking. The third party security company would like to conduct a penetration test on your AWS estate. Would this be allowed by AWS?

-          Yes but first you need to request permission from AWS

14.  You are designing a new VPC for a customer and you need to deploy your EC2 instances in to multiple availability zones. What is the minimum number of subnets that you require to achieve this objective?

-          2 subnets with each subnet in independent AZ

15.  You are creating a new VPC with 3 subnets in 3 separate availability zones. You require instances in each subnet to be able to communicate to each other by default. What additional steps should you take in order to achieve this objective

-          Do nothing as subnets can communicate with each other by default.

16.  You have a high performance compute application and you need to minimize network latency between EC2 instances as much as possible. What can you do to achieve this?

Ø  Create a placement group within an Availability Zone and place the EC2 instances within that placement group

17.  You are creating your own relational database on an EC2 instance and you need to maximise IOPS performance. What can you do to achieve this goal?

Ø  Add multiple additional volumes with provisional IOPS and then create a RAID 0 stripe across those volumes

18.  You run a website which hosts videos and you have two types of members, premium fee paying members and free members. All videos uploaded by both your premium members and free members are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded. However you need to ensure that your premium fee paying members videos have a higher priority than your free members. How do you design SQS?

Ø   Create 2 SQS Queues – one for premium members and other for free members and configure the EC2 instances to poll the premium queue first and if empty then process the free members queue.

19.  You are hosting a MySQL database on the root volume of an EC2 instance. The database is using a large amount of IOPs and you need to increase the IOPs available to it. What should you do?

Ø   Add 4 additional EBS SSD volumes and create a RAID 10 using these volumes.

20.  You have been asked to create VPC for your company. The VPC must support both Internet-facing web applications (ie they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this?

Ø  6 (3 public and 3 private subnets)

21.  You work for a cosmetic company which has their production website on AWS. The site itself is in a two-tier configuration with web servers in the front end and database servers at the back end. The site uses using Elastic Load Balancing and Auto Scaling. The databases maintain consistency by replicating changes to each other as and when they occur. This requires the databases to have extremely low latency. Your website needs to be highly redundant and must be designed so that if one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining Availability Zones the site will not go offline. How can the current architecture be enhanced to ensure this?

Ø  Deploy the site in 3 different Availabiity zones within the same region.  Configure the auto scaling such that minimum to handle 50% of the peak load per zone. So if you lost an Availability zone you would still have 2 other Availability zones each configured to handle 50% +50% =100%.

Ø  Since the databases need to have very low latency, deploying across regions is not an option.

22.  You working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to be able to function. Where should you store your API credentials whilst maintaining the maximum level of security.

Ø  Do not save API credentials instead create an IAM role and assign the role to the EC2 instance when you first create it.

23.  You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using Cloud Watch, however you notice that you cannot see the health of every important metric in the default dash board. Which of the following metrics do you need to design a custom cloud watch metric for, when monitoring the health of your EC2 instances?

Ø  Memory usage

24.  You are a student currently learning about the different AWS services. Your employer asks you to tell him a bit about Amazon's glacier service. Which of the following best describes the use cases for Glacier?

Ø  Infrequently accessed data and data archivals

25.  You work for a toy company that has a busy online store. As you are approaching christmas you find that your store is getting more and more traffic. You ensure that the web tier of your store is behind an Auto Scaling group, however you notice that the web tier is frequently scaling, sometimes multiple times in an hour, only to scale back after peak usage. You need to prevent this so that Auto Scaling does not scale as rapidly, just to scale back again. What option would help you to achieve this?

Modify the auto scaling group cool down timers and modify the Amazon cloudwatch alarm period that triggers the auto scaling scale down policy.

26.  You work in the genomics industry and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated and you have been asked to advise how to reduced the completion time?

Ø  You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.

27.  You are a security architect working for a large antivirus company. The production environment has recently been moved to AWS and is in a public subnet. You are able to view the production environment over HTTP however when your customers try to update their virus definition files over a custom port, that port is blocked. You log in to the console and you allow traffic in over the custom port. How long will this take to take effect?

Ø  Immediately

28.  You are a solutions architect working for a biotech company who is pioneering research in immunotherapy. They have developed a new cancer treatment that may be able to cure up to 94% of cancers. They store their research data on S3, however recently an intern accidentally deleted some critical files. You've been asked to prevent this from happening in the future. What options below can prevent this?

Ø  Enable S3 versioning on the bucket and enable multi factor authentication on the bucket.

29.  You run an automobile reselling company that has a popular online store on AWS. The application sits behind an Auto Scaling group and requires new instances of the Auto Scaling group to identify their public and private IP addresses. How can you achieve this?

Ø  Using a curl or Get command to fetch the meta-data using the URL http://169.224.169.224/latest/meta-data

30.  You are a solutions architect who has been asked to do some consulting for a US company that produces re-useable rocket parts. They have a new web application that needs to be built and this application must be stateless. Which three services could you use to achieve this?

Ø  RDS,  DynamoDB and ElastiCache

31.  Your company has decided to set up a new AWS account for test and dev purposes. They already use AWS for production, but would like a new account dedicated for test and dev so as to not accidentally break the production environment. You launch an exact replica of your production environment using a cloudformation template that your company uses in production. However cloudformation fails. You use the exact same CloudFormation template in production so the failure is something to do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2 instances in a single availability zone. After some research you discover that the problem is;

Ø  for all new AWS accounts there is a soft limit of 20 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.

32.  You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on premise within their own datacenter however they will need to be able to communicate to the AWS environment over a site to site VPN connection. What do you need to do to establish the VPN connection?

Ø  Assign a public IP address to your Amazon VPC Gateway

33.  You work for a major news network in Europe. They have just released a new app which allows users to report on events as and when they happen using their mobile phone. Users are able to upload pictures from the app and then other users will be able to view these pics. Your organisation expects this app to grow very quickly, essentially doubling it's user base every month. The app uses S3 to store the media and you are expecting sudden and large increases in traffic to S3 when a major news event takes place (as people will be uploading content in huge numbers). You need to keep your storage costs to a minimum however and it does not matter if some objects are lost. Which storage media should you use to keep costs as low as possible?

Ø  S3 Reduced Redundancy Storage

34.  You have developed a new web application in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at all times. You have three availability zones available in that region (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable. How would you do this, 

Ø  Option-1: us-west-2a with 6 EC2 instances, us-west-2b with 6 EC2 instances and us-west-2c with no EC2 instances.   Option-2:  us-west-2a with 3 EC2 instances, us-west-2b with 3 EC2 instances.

35.  You work for a construction company that has their production environment in AWS. The production environment consists of 3 identical web servers that are launched from a standard Amazon linux AMI using Auto Scaling. The web servers are launched in to the same public subnet and belong to the same security group. They also sit behind the same ELB. You decide to do some test and dev and you launch a 4th EC2 instance in to the same subnet and same security group. Annoyingly your 4th instance does not appear to have internet connectivity. What could be the cause of this?

Ø   Assign an elastic IP address to the 4^th instance

36.  You have been asked to create VPC for your company. The VPC must support both Internet-facing web applications (ie they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this?

Ø  6 (3 public and 3 private)

37.  You work for a cosmetic company which has their production website on AWS. The site itself is in a two-tier configuration with web servers in the front end and database servers at the back end. The site uses using Elastic Load Balancing and Auto Scaling. The databases maintain consistency by replicating changes to each other as and when they occur. This requires the databases to have extremely low latency. Your website needs to be highly redundant and must be designed so that if one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining Availability Zones the site will not go offline. How can the current architecture be enhanced to ensure this

Ø  Deploy your site in 3 different Availability Zones within the same region. Configure auto scaling minimum to handle 50% of the peak load per zone

38.  You are building a system to distribute confidential training videos to employees.  Using CloudFront what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?

Ø  Create an Origin Access Identity for CloudFront and grant access to the objects in S3 bucket to that OAI.   

39.  Which of the following will occur when an EC2 instance in a VPC with an associated Elastic IP is stopped and started?

Ø  All data on instance store devices will be lost.  Elastic IP is disassociated only if the instance is terminated.

40.  You must assign each server to atleast how many security groups

Ø  1

41.  Before I delete an EBS volume, what should I do if I want to recreate the volume later

Ø  Store a snapshot of the volume

42.  The device name /dev/sda1 within Amazon EC2 is

Ø  Reserved for root device

43.  What is Reduced Redundancy Storage?

Ø  Less redundancy and low cost storage for infrequent access

44.  Resources that are created in AWS are identified by a unique identifier called an _

Ø  Amazon Resource Name

45.  The command - ec2-run ami-e3a5408a -n 20 -g appserver

Ø   Start 20 EC2 instances in appserver group using the mentioned AMI.

46.  While creating an Amazon RDS DB, your 1^st task is to setup a DB ??? that controls which IP addresses and EC2 instances have access to the DB instance

Ø  Security Group

47.   When you run a DB instance in a multi AZ deployment, ??? serves database writes and reads

Ø  Primary

48.  An organization has created 5 IAM users. The organization wants to give them the same login ID but different passwords. How can the organization achieve this?

a)      The organization should create a separate login ID but give the IAM users the same alias so that each one can login with their alias.

b)      The organization should create each user in a separate region so that they have their own URL to login

c)      It is not possible to have the same login ID for multiple IAM users of the same account

d)      The organization should create various groups and add each user with the same login ID to

Ø  It is not possible to have the same login ID for multiple IAM users of the same account

Explaination - AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Whenever the organization is creating an IAM user, there should be a unique ID for each user. It is not possible to have the same login ID for multiple users. The names of users,groups, roles, instance profiles must be alphanumeric,

49.  A user is planning to evaluate AWS for their internal use. The user does not want to incur any charge on his account during the evaluation. Which of the below mentioned AWS services would incur a charge if used?

a)      AWS S3 with 1 GB of storage

b)      AWS micro instance running 24 hours a day

c)      AWS ELB running 24 hours a day

d)      AWS PIOPS volume of 10 GB size

Ø  AWS PIOPS volume of 10 GB size.

50.  A user has developed an application which is required to send the data to a NoSQL database. The user wants to decouple the data sending such that the application keeps processing and sending data but does not wait for an acknowledgement of DB. Which of the below mentioned applications helps in this scenario?

a)      AWS Simple Notification Service

b)      AWS Simple WorkFlow

c)      AWS Simple Queue Service

d)      AWS Simple Query Service

Ø  AWS Simple Queue Service

       Amazon Simple Queue Service (SQS. is a fast, reliable, scalable, and fully managed message queuing service. SQS provides a simple and cost-effective way to decouple the components of an application. In this case, the user can use AWS SQS to send messages which are received from an application and sent to DB. The application can continue processing data without waiting for any acknowledgement from DB. The user can use SQS to transmit any volume of data without losing messages or requiring other services to always be available

51.  An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?

a)      Use the IAM groups and add users as per their role to different groups and apply policy to group

b)      The user can create a policy and apply it to multiple users in a single go with the AWS CLI

c)      Add each user to the IAM role as per their organization role to achieve effective policy setup

d)      Use the IAM role and implement access at the role level

Ø  Use the IAM groups and add users as per their role to different groups and apply policy to group

52.  A user is planning to use AWS Cloud formation for his automatic deployment requirements. Which of the below mentioned components are required as a part of the template?

a)      Parameters

b)      Outputs

c)      Template version

d)      Resources

Ø   Resources

53.   A user has recently started using EC2. The user launched one EC2 instance in the default subnet in EC2-VPC Which of the below mentioned options is not attached or available with the EC2 instance when it is launched?

a)      Public IP address

b)      Internet Gateway

c)      Elastic IP

d)      Private IP address

   

(c)    Elastic IP

54.  A user has launched an EC2 instance. The user is planning to setup cloudwatch alarms.  Which of the following actions is not supported by cloudwatch alarms

a)      Notify the auto scaling launch config to scale up

b)      Send an SMS using SNS

c)      Notify the Auto scaling group to scale down

d)      Stop the EC2 instance

Ø  (b) – Send an SMS using SNS

55.  A user is trying to delete an Auto Scaling Group from CLI. Which of the following steps are to be performed by user

a)      Terminate the EC2 instances with the ec2-terminate-instance command

b)      Terminate the Auto scaling instances with the as-terminate-instance command

c)      Set the minimum size and desired capacity to 0.

d)      There is no need to change the capacity , run the as-delete-group command and it will reset all values to 0.

Ø  ( c) set the minimum size and desired capacity to 0.  But if deleting from AWS console, then no need to set to 0, but directly delete.

56.  An Organization is planning to create 5 different AWS accounts considering various security requirements. The organization wants to use a single payee account by using the consolidated billing option. Which of the following is true?

a)      Master - Payee account will get only the total bill and cannot see the cost incurred by each account.

b)      Master - Payee account can view only the AWS billing details of the linked accounts.

c)      It is not recommended to use consolidated billing since the payee account will have access to the linked accounts

d)      Each AWS account needs to create an AWS billing policy to provide permission to the payee account.

Ø  (b) Payee account can view only the AWS billing details of the linked accounts. AWS consolidated billing enables the organization to consolidate payments for multiple Amazon Web Services (AWS. accounts within a single organization by making a single paying account. Consolidated billing enables the organization to see a combined view of the AWS charges incurred by each account as well as obtain a detailed cost report for each of the individual AWS accounts associated with the paying account. The payee account will not have any other access than billing data of linked accounts.  

57.  A user has created a web application with Auto scaling.The user is regularly monitoring the application and he observed that traffic is highest on Thursday and Friday between 8 AM to 6 PM. What is the best solution to handle scaling in this case?

a)      Add a new instance manually by 8 AM Thursday and terminate it by 6 PM Friday. Schedule Auto

b)      Scaling to scale up by 8 AM Thursday and scale down after 6 PM Friday

c)      Schedule a policy which may scale up everyday at 8 AM and scale down by 6 PM

d)      Configure a batch process to add a instance by 8 AM and remove it by 6 PM Friday.

Ø  (b) setup a policy in Autoscaling to scale based on predictable traffic patterns.

58.  A user has setup a CloudWatch alarm on an EC2 action when the CPU utilization is above 75%. The alarm sends a notification to SNS on the alarm state. If the user wants to simulate the alarm action how can he achieve this?

a)      Run activities  on the CPU such that its utilization reaches above 75%

b)      From the AWS console change the state to ‘Alarm’

c)      The user can set the alarm state to ‘Alarm’ using CLI D

d)      Run the SNS action manually

Ø  (c ) The user can set the alarm state to “Alarm” using CLI - The user can test an alarm by setting it to any state using the SetAlarmState API

59.  A user has setup a billing alarm using CloudWatch for $200. The usage of AWS exceeded $200 after some days. The user wants to increase the limit from $200 to $400? What should the user do?

a)      Create a new alarm of $400 and link it with the first alarm

b)      It is not possible to modify the alarm once it has crossed the usage limit

c)      Update the alarm to set the limit at $400 instead of $200

d)      Create a new alarm for the additional $200 amount

Ø  (c)  If the user wants to increase the limit, the user can modify the alarm and specify a new threshold

60.  A sys admin has created the below mentioned policy and applied to an S3 object named aws.jpg. The aws.jpg is inside a bucket named cloudacademy. What does this policy define?

“Statement”: [{ “Sid”: “Stmt1388811069831”, “Effect”: “Allow”, “Principal”: { “AWS”: “*”}, “Action”: [ “s3:GetObjectAcl”,  “s3:ListBucket”,  “s3:GetObject”],  “Resource”:  [ “arn:aws:s3:::cloudacademy/*.jpg”] }]

a)         It is not possible to define a policy at the object level

b)         It will make all the objects of the bucket cloudacademy as public

c)         It will make the bucket cloudacademy as public

d)         the aws.jpg object as public

Ø  (a) it is not possible to define a policy at object level. A system admin can grant permission to the S3 objects or buckets to any user or make objects public using the bucket policy and user policy. Both use the JSON-based access policy language. Generally if the user is defining the ACL on the bucket, the objects in the bucket do not inherit it and vice a versa. The bucket policy can be defined at the bucket level which allows the objects as well as the bucket to be public with a single policy applied to that bucket. It cannot be applied at the object level.

61.  A user is trying to save some cost on the AWS services. Which of the below mentioned options will not help him save cost?

a)       Delete the unutilized EBS volumes once the instance is terminated

b)      Delete the AutoScaling launch configuration after the instances are terminated

c)       Release the elastic IP if not required once the instance is terminated

d)      Delete the AWS ELB after the instances are terminated

Ø  (b) AWS bills the user on a as pay as you go model. AWS will charge the user once the AWS resource is allocated. Even though the user is not using the resource, AWS will charge if it is in service or allocated. Thus, it is advised that once the user’s work is completed he should:

Ø        Terminate the EC2 instance

Ø        Delete the EBS volumes

Ø        Release the unutilized Elastic IPs

Delete ELB The AutoScaling launch configuration does not cost the user. Thus, it will not make any difference to the cost whether it is deleted or not.

62.  A user is trying to aggregate all the CloudWatch metric data of the last 1 week. Which of the below mentioned statistics is not available for the user as a part of data aggregation?

a)      Aggregate

b)      Sum

c)      Sample data

d)      Average

-          (a) Aggregate. Amazon Cloudwatch is a metrics repository. Either the user can send the custom data or an AWS product can put metrics into the repository and the user can retrieve the statistics based on those metrics.  The statistics are metric data aggregations over a specified periods of time made using namespace, metric name, dimensions and the data point unit of measure within the time period that is specified by the user.

-          Cloudwatch supports Sum, Min, Max, Sample Data and Average statistics aggregation.

63.  An organization is planning to use AWS for their production roll out. The organization wants to implement automation for deployment such that it will automatically create a LAMP stack, download the latest PHP installable from S3 and setup the ELB.  Which of the below mentioned AWS services meets the requirement for making an orderly deployment of the software?

a)      AWS ElasticBeanstalk

b)      AWS CloudFront

c)      AWS CloudFormation

d)      AWS DevOps

-           (c): AWS Cloudformation is an application management tool which provides application modelling, deployment, configuration, management and related activities. Cloudformation provides an easy way to create and delete the collection of related AWS resources and provision them in an orderly way. AWS CloudFormation automates and simplifies the task of repeatedly and predictably creating groups of related resources that power the user’s applications

-          AWS Cloudfront is a CDN;

-          Elastic Beanstalk does quite a few of the required tasks. However, it is a PAAS which uses a ready AMI. AWS Elastic Beanstalk provides an environment to easily develop and run applications in the cloud.

64.  A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default settings.Which of the below mentioned options is ready to use on the EC2 instance as soon as it is launched?

a)      Elastic IP

b)      Private IP

c)      Public IP

d)      Internet Gateway

-          (b) Private IP. 

-          Elastic / Public IP / Internet Gateway need to be allocated

65.  An organization is setting up programmatic billing access for their AWS account. Which of the below mentioned services is not required or enabled when the organization wants to use programmatic access?

a)      Programmatic access

b)      AWS bucket to hold the billing report

c)      AWS billing alerts

d)      Monthly billing alerts

-          (c ):  AWS provides an option to have programmatic access to billing. The programmatic billing access leverages the existing Amazon S3 APIs. So the user can build applications that reference the billing data from CSV file stored in S3 bucket.  To enable programmatic access, the user has to first enable monthly billing report and then the user needs to provide an AWS bucket name where the billing CSV will be uploaded. Then enable programmatic access option.

66.  A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as 5. When the user configures the AS group, how many instances will Auto Scaling launch?

a)      3

b)      0

c)      5

d)      2

-          (c ) When the user configures the launch configuration and the Auto Scaling group, the Auto Scaling group will start instances by launching the minimum number (or the desired number if specified) of EC2 instances. If there are no other scaling conditions attached to the Auto Scaling group, it will maintain the minimum number of running instances at all times.

67.  An admin is planning to monitor the ELB. Which of the below mentioned services does not help the admin capture the monitoring information about the ELB activity?

a)      ELB access logs

b)      ELB health check

c)      Cloudwatch metrics

d)      ELB API calls with CloudTrail

-          (b) The admin can capture  information  about Elastic Load Balancer using either: CloudWatch Metrics ELB Logs files which are stored in the S3 bucket CloudTrail with API calls which can notify the user as well generate logs for each API calls The health check is internally  performed by ELB and does not help the admin get the ELB activity.

       An admin is planning to monitor the ELB. Which of the below mentioned services does not help the

68.  In Amazon S3, you can protect data in transit by using client side encryption or what other method?

a)      Encryption keys

b)      Server side encryption

c)      SSL

d)      MFA

-           (c ) SSL

69.  You have launched 6 new instances. 3 for production and 3 for testing. You want to set it up so that one particular group of IAM users can only access the 3 test instances and not the 3 production. How can you setup that as part of the policy

a)      Create an IAM policy with a condition which allows access to only new instances

b)      Launch the test and production instances in separate regions

c)      Define the tags on the test and production servers and add a condition to the IAM policy which allows access to specific tags

d)      Launch the test and production instances in separate availability zones

e)      Use MFA

-           (c ).

70.  In the basic monitoring package for EC2, Amazon cloudwatch provides the following metrics

a)      Web server visible metrics such as number failed transaction requests

b)      Operating system visible metrics such as memory utilization

c)      Database visible metrics such as number of connections

d)      Hypervisor visible metrics such as CPU utilization

-           (d )

71.  When working with Amazon RDS, by default AWS is responsible for implementing which of the following management related activities?

a)      Automatic Availability Zone failover

b)      Importing data and optimizing queries

c)      Creating and maintaining automated database backups in compliance with regulatory long term retention requirements

d)      Installing and periodically patching the database software

-          (a) and (d)

72.  Which of the following statements about SQS is true?

a)      Messages will be delivered exactly once and messages will be delivered in first in, first out order

b)      Messages will be delivered exactly once and the message delivery order is indeterminate

c)      Messages will be delivered one or more times and messages will be delivered in first in, first out order

d)      Messages will be delivered one or more times and message delivery order is indeterminate

-          (d) as SQS cannot guarantee the order of messages and messages could be delivered more than once.